|
Our firewall only allows HTTP port 80 but we have detected that a user accesses some other protocols and ports that we deny in our firewall. We know that he has developed an application (Console mmc.exe but using HTML) in his server that open other protocols via HTTP. He showed me his PC's desktop and I see that he access to other protocols via browser by using a converter that he wrote and published on the internet Hosted on IIS in his VPX Is this possible and how? |
||||
|
|
|
Very possible. This is why a firewall alone is not total security. For instance, if you allow port 80, but do not enforce only HTTP on port 80, then the port could be used for any type of traffic (ssh, irc, etc). All you need is a server on the other side of the firewall to re-route the traffic to the expected port on another server, or process the traffic itself. Ports do not limit the traffic to a certain protocol, they only provide convenience to standardization for expectations. |
|||||
|
|
It is certainly possible. It sounds like he did it in a rather convoluted way though. This is by definition the point of a proxy server which would do the job far more easily. A willing client and server can establish a connection on any port number and even if you are using a content aware firewall, it is a simple enough thing to make a transposition of data that will make it look like standard traffic and then have the server convert and relay it. (Though this more stealthy approach would likely require some custom coding.) It sounds like he is running something similar to many remote admin systems for web servers that run over HTTP. It sounds pretty limited and not very fancy from what you describe. |
|||
|
|
